Society is becoming ever more data driven. Companies are able to track their operations at increasing levels of granularity. For individuals, as more and more of their activity takes place, or is tracked, in the digital world, their personal information is often recorded, used, shared, and sold. Even discounting nefarious activities such as hacking, phishing, malware, and viruses, a tremendous amount of information regarding individuals can be gathered through sources such as the websites an individual visits, their actions on the websites, and activity on social networks. Sensitive information, such as personal data, can be stored by companies, such as banks, medical providers, and employers.
Individuals and governments are increasingly concerned about the collection and use of personal information. Various laws and regulations have been passed to try and specify what information about an individual can be collected, how it can be collected, and how it can be processed, shared, or transferred. While such laws can be beneficial for individuals, it can be difficult for companies, and particularly the individuals working at companies, to be aware of all the various laws and regulations that might apply to their activities. Even if a company or employee is aware of a law or regulation, laws and regulations can be difficult to understand, and their ramifications may not be clear without additional context. Thus, even when companies and employees wish to comply with relevant laws and regulations regarding the use of personal information, it can be difficult to accomplish in practice.